package com.wpen.unit.web.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;

import com.wpen.unit.exception.BizException;
import com.wpen.unit.web.WebVariables;

/**
 *
 *
 * @author Wang Peng
 * @date 2023年1月7日
 * 
 */
@Component
public class ApiFilterInterceptor extends AbstractInterceptor {

	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		boolean superRs = super.preHandle(request, response, handler);
		if (superRs) {
			String url = request.getRequestURI();
			if (url.endsWith(".html") || url.endsWith(".htm") || url.endsWith(".css") || url.endsWith(".js")
					|| url.endsWith(".jsp") || url.endsWith(".php") || url.endsWith(".jpg") || url.endsWith(".gif")
					|| url.endsWith(".png") || url.endsWith(".ico") || url.indexOf("/api-docs/") > 0) {
				return superRs;
			}
			// 验证权限，不包含/public/路径的，都需要权限
			if (url.indexOf(WebVariables.API_NO_AUTH_PATH) < 0) {
				String token = request.getHeader(WebVariables.REQUEST_HEAD_AUTH);
				if (!"admin::swagger-doc".equals(token)) {
					Object object = request.getSession().getAttribute(token);
					if (object == null) {
						throw new BizException("E99999");
					}
				}
			}
		}
		return superRs;
	}

}
